The use of electronic mail (email) allows users anywhere in the world to communicate with each other over the Internet. In recent years, Internet users have been subjected to a torrent of unwanted email messages. These unwanted messages generally take two forms: 1) messages originated by “spammers” to send advertising or solicitation, or as part of a confidence scheme, and 2) messages sent automatically by worms and other malicious software (malware) attempting to infect additional systems. In both cases, a large proportion of the messages attempt to disguise their true source to frustrate attempts to shut down the spammer, to disguise the identity of the infected system sending the message, or to support a social-engineering goal.
In an effort to reduce or eliminate the transmission of unwanted email messages, various approaches have been proposed to assert and verify the identity of the origination address of an email. One example of these approaches is the use of identified mail as described in co-pending, commonly-owned U.S. patent application Ser. No. 10/859,402, filed Jun. 1, 2004, by James Fenton et al., and entitled “A METHOD AND SYSTEM FOR VERIFYING IDENTIFICATION OF AN ELECTRONIC MAIL MESSAGE.” Other approaches include path-based approaches for attempting to verify the identity of the sender by verifying the Internet Protocol (IP) address of the message source, signature-based identification schemes including Pretty Good Privacy (PGP) and Secure Multipurpose Internet Mail Extensions (S/MIME), and certificate schemes.
It is anticipated that as the verification of the originator of an email is regularly implemented, spammers and other senders of unwanted email will attempt to adapt to these new restraints in order to continue sending unwanted email. One potential way for spammers to attempt to circumvent identity verification is by registering legitimately obtained domain names. However, the behavior of these domains can be reasonably bound to the domain name, resulting in quick detection of spammers based on such behavior. This behavior can be detected rapidly, and within a matter of hours or days a domain will be identified as a likely spammer. These spammer domains can then be easily blocked, for example by using real-time black lists (RBLs).
This will in turn place pressure on spammers to have a reserve of fresh domain names that are not identified as the originators of unwanted email. It is anticipated that spammers will utilize throw-away domain names, rapidly abandoning domains names once they are identified as likely spammers. Registrars may or may not facilitate obtaining fresh domains, however it should be noted that it is in the economic interest of the registrars to sell as many domains as possible. Currently, there is no incentive for a registrar to not sell domain names to spammers.